Google’s new developer registration decree is sparking alarm across the open-source community, with the F-Droid project warning that the rules could effectively shut down its free and open-source Android app store. F-Droid is a non-profit project that distributes only free and open-source Android apps, reviewed to exclude advertisements and trackers.

In a post by F-Droid board member Marc Prud’hommeaux, the project said the decree would create a “choke point” that threatens thousands of open-source apps. He warned that if enforced, the measure could end F-Droid “as we know it today,” cutting off a trusted alternative to Google Play.

New rules demand ID checks, app listings, and fees

Under the new regulations, every Android developer will be required to register with Google, provide government identification, and pay a fee to distribute apps. They must also enumerate all unique application identifiers for the apps they publish to be distributed by the registered developer.

The scope covers all developers worldwide, not just those using Google Play. Apps distributed through sideloading or alternative stores must also come from verified developers on certified Android devices.

Google plans to begin early access to the registration system in October 2025. Full enforcement is scheduled to start in September 2026 in Brazil, Indonesia, Singapore, and Thailand. A global rollout is expected in 2027.

Open-source apps at risk

F-Droid warns that the decree would block it from distributing updates or new versions of existing apps, effectively leaving users without access to new features. With no user accounts by design, the project states that it cannot even measure how many people would be affected.

It argues that tying app identifiers to Google’s registration process hands exclusive control to a single gatekeeper and risks dismantling an open ecosystem built on transparency and reproducible builds.

Google cites a surge in malware from sideloaded apps

Google frames the registration requirement as a security measure, citing its own data that shows over 50 times more malware originating from sideloaded sources than from apps on Google Play. The company states that malicious developers often hide behind anonymity to reappear with new apps after takedowns, thereby putting users at risk of fraud and data theft.

The move has drawn backing from outside groups. Brazil’s banking federation described it as a “significant advancement” in combating scams. At the same time, Indonesia and Thailand’s digital ministries commended it as a proactive step that strikes a balance between openness and safety.

Suzanne Frey, Google’s vice president for product, trust & growth, likened the process to an “ID check at the airport,” verifying who a developer is without reviewing the contents of their apps.

F-Droid disputes that framing, arguing that transparency and reproducible builds offer stronger protections than corporate gatekeeping, and noting that Google Play itself has repeatedly hosted malware.

The fight for app freedom

Critics say the policy threatens app freedom by undermining sideloading and alternative app stores.

For F-Droid, forcing developers to register with a central authority is as troubling as requiring writers or artists to do the same before publishing their work. The project has called on regulators, including the EU’s Digital Markets Act team, to scrutinize the decree as a potential curb on competition.

F-Droid is urging developers and users to petition lawmakers and defend open distribution. The clash underscores a growing fault line in the Android ecosystem: whether the future of apps will be shaped by openness or by tightened corporate control.

Alongside policy changes, Google has launched a Data Commons MCP Server to provide AI agents with direct access to open datasets, thereby reducing hallucinations.